Virtual network permissions - Security bug?

Hello,

in Sunstone, as oneadmin I created a new user group ‘network’ and a new virtual network '‘vnetwork’. I set the group of ‘vnetwork’ to ‘network’ and gave it permissions “Use, Manage, Admin” for the owner and “Use” for group members. Then, I logged in as a user not belonging to group 'network" and discovered that despite of that the new virtual network was visible for that user.

Is it possible to prevent a user from even seeing a virtual network if he has no permissions for that network?

Regards
Christoph

It is even worse - I can use the network though I have no permissions on it!

No reply after more than one week to a thread about a probable security bug?

This is most likely a configuration issue.

Have you removed the default VDC?

http://docs.opennebula.org/5.2/operation/users_groups_management/manage_vdcs.html#the-default-vdc

The default VDC cannot be deleted. So, I created a new VDC and then moved everything from the default VDC to the new VDC. But that did not help, as I had already expected. Probably I can solve the problem by not only creating a separate group for every virtual network, but also a separate VDC. But what is the sense of virtual network permissions then?

Sorry, I wasn’t clear in my comment.

Have you tried removing the group from the default VDC?

I did, but then I do not know what the sense of the virtual network permissions is if I have to create a new VDC for any virtual network and group anyway.

They are complementary mechanisms, depending on the use case you can use permissions, VDCs or both combined.

I have the same problem, I need same VDC but each group has private virtual networks.